metamorpherrat | 27c0d27301d0249ad037784b18fee5c087534b2ed3de81db6c038227e38deac6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e850ed9b9eb661162257c74b4caab45d_JaffaCakes118
Size

78KB
Sample

240408-yzmhxadh9y
MD5

e850ed9b9eb661162257c74b4caab45d
SHA1

c95d96973e2b74e2d69528cc3c79dbb4ef6707f2
SHA256

27c0d27301d0249ad037784b18fee5c087534b2ed3de81db6c038227e38deac6
SHA512

d949f12b4e0cba64145a9954b9d90d669df68c4c59f239f677789f422efe746516f9c5243bdaf91ec52964ea0832d69911bc697cfbefed58231fe7800fc98b73
SSDEEP

1536:m+5jSNpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQti6t9/MB1F/:T5jS7JywQjDgTLopLwdCFJzl9/w

Score

10^/10

metamorpherrat rat stealer trojan

Malware Config

Targets

- Target
  
  e850ed9b9eb661162257c74b4caab45d_JaffaCakes118
- Size
  
  78KB
- MD5
  
  e850ed9b9eb661162257c74b4caab45d
- SHA1
  
  c95d96973e2b74e2d69528cc3c79dbb4ef6707f2
- SHA256
  
  27c0d27301d0249ad037784b18fee5c087534b2ed3de81db6c038227e38deac6
- SHA512
  
  d949f12b4e0cba64145a9954b9d90d669df68c4c59f239f677789f422efe746516f9c5243bdaf91ec52964ea0832d69911bc697cfbefed58231fe7800fc98b73
- SSDEEP
  
  1536:m+5jSNpJywt04wbje3IgTazcoOEEQLwdCRoaeuProYMHQti6t9/MB1F/:T5jS7JywQjDgTLopLwdCFJzl9/w
Score

10^/10

metamorpherrat rat stealer trojan
- MetamorpherRAT
  Metamorpherrat is a hacking tool that has been around for a while since 2013.
  trojan rat stealer metamorpherrat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

metamorpherratratstealertrojan

behavioral2